I am running into an issue using a 2fa binary through a squid proxy. I am writing the selinux policy for the 2fa binary, but when when I attempt to access the system via ssh I am seeing the following AVC
type=AVC msg=audit(1564694436.236:1003): avc: denied { name_connect } for pid=30620 comm="starling" dest=3128 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
The following will fix it for the squid proxy:
corenet_tcp_connect_squid_port(sshd_t)
but what if tomorrow I decide to use a different proxy, that uses a different port. What is the correct way to set this up so that regardless of what proxy is being used on whatever port I don't have to update my policy every time?
Thanks,
Jayson